The Battle for Privacy Intensifies in Australia

Australians are fending off threats to their right to privacy from all directions. First, there was Australian Attorney General Nicola Roxon’s push to expand government online surveillance powers, submitted to Parliament in a package of reforms sought in a National Security Inquiry.

Then, on Aug. 22, the Australian Senate approved the Cybercrime Legislation Amendment Bill 2011, granting authorities the power to require phone and Internet providers to store up to 180 days worth of personal communications data. The purpose is to aid in investigations by both foreign and domestic law enforcement agencies, making it especially controversial since it can result in granting foreign governments access to Australian citizens’ communications data. The legislation only allows for data retention in the cases of specifically targeted individuals.

The bill is based on the Council of Europe Convention on Cybercrime – which we've flagged in the past as one of the world’s worst Internet law treaties – and the passage of the bill opens the door for Australia to join the Convention.

At least we can welcome the news that one of the most controversial aspects of Roxon’s National Security Inquiry proposal, a vague mandatory data retention provision that would have required service providers to retain all users’ communications data for up to two full years, seems to have been placed on hold – for now, anyway.

Yet at the same time, the newly approved Cybercrime Legislation Amendment Bill 2011 is viewed by some in Australia as a kind of “data retention lite,” and a precursor to the mass, untargeted surveillance that the more extreme proposal may yet usher in. An outcome of the approval of this bill, after all, is that providers will now have to install systems enabling data retention for up to 180 days – and pay for it themselves.

Public Fights Back

Despite the steady march toward expanded online snooping powers for law enforcement in the name of “national security,” a hefty pile of submissions landed in Parliamentary chambers last week, reflecting strong public opposition to the proposed reforms. A total of 177 submissions, representing thousands of individuals and organizations, flowed in to the Joint Parliamentary Committee on Intelligence and Security even though the government allowed only a brief timeframe for comment.

Below, we collected some reactions of various Australian stakeholders who drafted lengthy submissions to convey their serious concerns. Civil liberties advocates aren’t the only ones worried about where this is going. The Australian Mobile Telecommunications Association and Communications Alliance, a telecom industry group, also chimed in to express concerns about costly new requirements for telecoms that would come attached to these surveillance measures. Since data retention disproportionately burdens smaller ISPs affected by requiring expensive equipment upgrades, the measure has the potential to hamper innovation by discouraging new startups from entering the market.

Re: Making it a Crime to Refuse to Aid in Decryption

One of the worst ideas contained in the National Security Inquiry package is the creation of a new crime under the Telecommunications (Interception and Access) Act of 1979: Refusing to aid law enforcement in the decryption of communications. That interception law gratned law enforcement agencies, such as the Australian Federal Police (AFP) and the Australian Crime Commission (ACC), the ability to legally intercept communications for the first time. Reactions to the proposal hinged on the threat it poses to Australians’ right to silence.

Senator Scott Ludlam, speaking on behalf of the Australian Green Party, had this to say:

While the integrity of Australianʹs right to silence has been damaged by the anti‐terrorism laws, with regard to other criminal offences it remains intact. This proposal further degrades the right to silence, presumably to pre‐trial investigations and undermines the privilege against self incrimination. … The Committee should oppose this proposal as a serious erosion of the legal and human rights of Australians.

Electronic Frontiers Australia, a digital civil liberties organization (which is not formally affiliated with EFF), pointed out a number of problems with this idea:

EFA is concerned about the possible creation of an offence for failing to assist in the decryption of communications for the following reasons:

it undermines the right of individuals to not cooperate with an investigation

it poses a threat to the independence of journalists and their sources, particularly in circumstances involving whistle-blowing activity related to cases of official corruption

it could undermine the principles of doctor-patient and lawyer-client confidentiality and other trusted relationships

there are foreseeable and entirely legitimate circumstances in which decryption of data is not possible, such as where a password has been forgotten and is unrecoverable.

EFA therefore believes that the Committee should reject this proposal.

Re: Extending the Regulatory Regime to “Ancillary Service Providers”

A discussion paper submitted as part of the National Security Inquiry proposal makes it clear that the Australian government is “considering the need for a new interception regime that better reflects the contemporary communications environment,” i.e. a total overhaul of existing legislation to allow law enforcement to pry into communications taking place over platforms like Facebook or Twitter. The discussion paper defines “ancillary service providers” as “Telecommunications industry participants who are not carriers or carriage service providers.” Ultimately, this suggests the government is angling to bring all forms of online communications into the reach of interception laws.

Telecommunications legislation already goes much further than regulation in most other sectors in mandating a role for private sector businesses as agents of the state in surveillance and law enforcement (banking and finance is the other main area where this has happened). These proposals would see a further significant extension of this role. Online intermediaries in particular host our communications with our friends, relatives, co-workers etc. They host a vast amount of information, the volume and scope of which is growing exponentially as we move to the cloud, use social networks, etc. Using online intermediaries as an agent of the State dramatically impacts on the state's surveillance capabilities. Even minor changes in what they are required to do on behalf of government agencies can have very broad implications for people’s privacy.

Ludlam, of the Australian Greens, also blasted the idea.

The Attorney Generalʹs paper does not explain how covering ʹancillary service providersʹ – the many and ever increasing forms of social media – in legislation will address ʹcurrent potential vulnerabilities in the interception regime that are capable of being manipulated by criminalsʹ. The Greens believe it is excessive to extend the reach of surveillance into the retention of all social media exchanges. Does this include all business exchanges on video conferencing platforms?

And EFA pointed out that this proposal could expose anyone to law enforcement scrutiny, not just people suspected of wrongdoing.

Central to many of the services that Australians deliberately sign-up for— e.g. Facebook, Twitter, Pinterest, Apple iCloud, etc.—is the concept of sharing across networks. In surveilling a target’s activities in such services, shared friends or media objects connect target and non-target individuals such that following one surveillance target inescapably involves collateral surveillance necessarily breaching the privacy of non-targets. …. Indeed, “cloud computing” itself underlies “social networking”. As such, the information flows pertaining to individuals cross and recross such services to the point where, again, separating surveillance of a particular target is almost inevitably going to encounter that of other individuals, but in this case in ways that cannot be anticipated and very deeply undermine Australians’ reasonable expectation of privacy.

Related Updates

There’s a new, proposed backdoor to our data, which would bypass our Fourth Amendment protections to communications privacy. It is built into a dangerous bill called the CLOUD Act, which would allow police at home and abroad to seize cross-border data without following the privacy rules where the data is...

EFF and 23 other civil liberties organizations sent a letter to Congress urging Members and Senators to oppose the CLOUD Act and any efforts to attach it to other legislation. The CLOUD Act (S. 2383 and H.R. 4943) is a dangerous bill that would tear away global privacy...

People in marginalized communities who are targets of persecution and violence—from the Rohingya in Burma to Native Americans in North Dakota—are using social media to tell their stories, but finding that their voices are being silenced online. This is the tragic and unjust consequence of content moderation policies...

The Supreme Court of India has commenced final hearings in the long-standing challenge to India's massive biometric identity apparatus, Aadhaar. Following last August’s ruling in the Puttaswamy case rejecting the Attorney General's contention that privacy was not a fundamental right, a five-judge bench is now weighing in on...

Although we have been opposing Europe's misguided link tax and upload filtering proposals ever since they first surfaced in 2016, the proposals haven't been standing still during all that time. In the back and forth between a multiplicity of different Committees of the European Parliament, and two other institutions...

This week, Senators Hatch, Graham, Coons, and Whitehouse introduced a bill that diminishes the data privacy of people around the world.
The Clarifying Overseas Use of Data (CLOUD) Act expands American and foreign law enforcement’s ability to target and access people’s data across international borders in two ways. First...

EFF fights for technology users. We believe that empowering and protecting users should be baked into laws, policies, and court decisions, as well as into the technologies themselves. Since our founding in 1990, we have paired this goal with the common-sense recognition that in order to properly consider these questions...

Last week EFF attended the Global Conference on Cyberspace (GCCS) in New Delhi, India, as one of a small handful of nonprofit organizations invited to participate. This was the fifth in a series of conferences sometimes called the London Process, after the first event that was held in London...

Last week the European Parliament passed a new Consumer Protection Regulation [PDF] that allows national consumer authorities to order ISPs, web hosts and domain registries to block or delete websites... all without a court order. The websites targeted are those that allegedly infringe European consumer law. But European consumer...

The global movement for open access to publicly-funded research stems from the sensible proposition that if the government has used taxpayers' money to fund research, the publication of the results of that research should be freely-licensed. Exactly the same rationale underpins the argument that software code that the government...